This node lets you sign an XML message. N.B.: Using this node requires the XML Firewall license option.
- Display name: The name of the node as it will appear in the Workflow. Replaces the term “XML Sign”.
- XML Document: The XML document to be signed. Such an attribute is generally generated by an XML Parsing node.
- Key Store: the XML keystore containing the keys
- Key Name: private key to use in signing the XML
- Sign Algorithm: The signing algorithm used. A value generally used for SAML signing is RSA-SHA1.
- Digest Algorithm: The Digest Algorithm used for the signing. A value generally used for SAML signing is SHA1.
- Canonicalization method: A method generally used for SAML signing is Exclusive C14N without comments.
- Provide X509 Certificate: Specifies whether the public key associated with the signing certificate must be added (in the "X509Certificate" XML tag).
The public key must be present in the XML Keystores (in addition to the private key) for the node to add it to the XML message.
- Provide Key value: Specifies whether the Modulus and Exponent elements of the value of the RSA key must also be added (in the RSAKeyValue tag).
The public key must be present in the XML Keystores (in addition to the private key) for the node to add them to the XML message.
- Id tag: name of the identification attribute of the element to be signed. By default "xml:id".
- Sign whole document: Signs the entire XML document or only a subset. When this parameter is set to Yes, the additional parameters below are used to specify the part to be signed and associate a namespace with it.
- XPath expression: an XPath expression for reaching the part of the XML document to be signed. For example: "//Assertion".
The signature element is added at the end of the XML document. Using an XML Modify node cascaded from this node, for example, lets you “move” the signature in the XML document if that is necessary.